COMPUTER SYSTEM SECURITY

CROSS-REFERENCES TO RELATED APPLICATIONS

This non-provisional U.S. national application, filed under 35 U.S.C. §111(a), claims
under 35 U.S.C. §119(e)(1), the benefit of the filing date of provisional U.S. applications nos.
60/006,431, filed under 35 U.S.C. §111(b) on November 10, 1995; 60/011,320, filed under
35 U.S.C. §111(b) on February 8, 1996; and (to be provided), filed under 35 U.S.C. §111(b)
on March 8, 1996 as attorney docket no. 366431.122P3, the teachings of all three being
incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to the field of computer system security for preventing unwanted 
intrusion into a computer system. 

2. Background of the Invention

The vast amount of data and information stored in and processed by computers makes
them obvious targets for corporate spies and other information thieves. Unfortunately,
computers generally are susceptible to security breaches. An ability of a bus coupling a host
computer to one or more peripherals to use a direct memory access (DMA) engine to directly
read from and write to the host computer's physical memory locations exacerbates the
problem. For example, a rogue device can be tapped into the network and can use the DMA
engine to obtain massive amounts of data from the host and its peripherals. A bus with this
ability to use a host DMA engine is described in U.S. Provisional Applications Serial Nos.
60/006,431; 60/011,320; and attorney docket no. 366431-122P3, filed on November 10,
1995, February 8, 1996, and March 8, 1996, respectively. Since peripherals attached to such
a bus may be several meters away from the host computer, an unwanted attachment of a rogue
device to the bus which could monitor data traffic on the bus and directly access host memory
could go unnoticed by legitimate system users.

Conventionally, an addition of security features to a modern, high-performance
computer system necessitated incurring substantial costs, especially in order to avoid causing
diminished system performance. There is a need, therefore, for a reliable, low-cost security
system to prevent unwanted intrusions into a computer system. Optimally, the system should
not affect system performance.

WO 97/37305 PCT/US97/04905

SUMMARY OF THE INVENTION

Security from an unwanted intrusion into a computer system is provided by coupling
a host component with a peripheral component using a high-speed serial bus having a
high-speed physical layer and using features of the bus to implement the security.

BRIEF DESCRIPTION OF THE DRAWINGS

The following detailed description will be more fully understood with reference to the 
accompanying drawings in which: 

Fig. 1 is a block diagram of a system of the invention using a high-speed serial bus for
providing security;

Fig. 2 is a schematic of a high-speed serial bus cable;

Fig. 3 is a schematic view of the wiring of the cable shown in Fig. 2;

Fig. 4 is a flow chart of the operation of an embodiment of the invention;

Fig. 5 is a flow chart of the operation of another embodiment of the invention; and

Fig. 6 is a flow chart of yet another embodiment of the invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

A topology of a system embodying the invention is shown in Fig. 1. Host computer
10 includes host controller 11, which provides an interface to bus hub 13.1. Host controller
11 governs data movement between host 10 and peripherals 16-18 and provides an interface
to the memory system of host 10, such as DMA engine 44, memory controller 48 and memory
42. Host controller 11 is coupled to DMA engine 44, which is coupled to memory controller
48. In an embodiment, host controller 11, DMA engine 44 and memory controller 48 are part
of a single integrated circuit.

The high-speed physical layer or links of bus system 12, to be described below, can
communicate with DMA engine 44 to directly access memory 42, for example through
memory controller 48. The direct memory accessing capability of bus system 12 contributes
to the very low latency of the bus system. Peripherals on bus system 12, such as peripherals
16-18, are permitted real-time, direct access to host memory 42 using DMA engine 44.

Bus system 12 includes hub 13.1 located within the confines of host computer 10. One
or more mass storage devices such as disk drive 15 is coupled to hub 13.1. Bus cable 14.1
couples internal hub 13.1 to external hub 13.2 onto which a plurality of peripherals can be
coupled. Various peripherals 16-18 can be coupled to hub 13.2 by bus cables 14.2, 14.3 and
14.4. For the purposes of this disclosure, the high-speed bus and bus system 12 means any
of cables 14.1-14.4 and hubs 13.1 and 13.2. Peripherals which can be coupled to hubs 13.1
or 13.2 include, for example, printers, scanners, cameras, disk drives, network interfaces, etc.
As should be apparent to one of ordinary skill, coupled peripherals can be a substantial
distance from host 10, especially when using multiple linked hubs 13.x. Furthermore, the
high-speed links of bus cables 14.1-14.4 and hubs 13.1 and 13.2 use DMA engine 44 to
allow peripherals 16-18 to directly access host computer memory 42. Although this latter
feature of the bus helps provide it with the qualities of low latency and high bandwidth, it also
makes host memory susceptible to unauthorized access by rogue devices coupled to any of
buses 14.1-14.4 or hubs 13.1 and 13.2. The invention protects the security of host computer
10 to help prevent a hacker from directly accessing main memory 42 using DMA engine 44,
through memory controller 48.

A schematic view of a bus cable is shown in Fig. 2. Fig. 2 shows, for example, bus
cable 14.2 linking peripheral 16 to external hub 13.2, but it should be understood that Fig. 2
also can represent any of bus cables 14.1-14.4 and hubs 13.1 and 13.2. Bus cable 14.2 has
a pair of opposing, unidirectional, high speed, shielded, twisted pairs defining high-speed
physical layers or links 21 and 22, linking transceiver pairs 23 and 24. Transceivers 23 and
24 are AC coupled via shielded links 21 and 22 with 100 ohm differential impedance.
Transceiver 23 has driver 25 and receiver 26. Transceiver 24 has driver 27 and receiver 28.
Bus cable 14.2 also includes a secondary bus component 34, such as a Universal Serial Bus
(USB), having link 28 which comprises a bidirectional pair coupling transceiver 29 with
transceiver 30. USB is well known to those having skill in the art and a technical specification
on the bus can be found on the World Wide Web at Uniform Resource Locator (URL) address
http://www.teleport.com/~usb/. The invention makes substantial use of the secondary bus
component in all of bus cables 14.1-14.4 and hubs 13.1 and 13.2 as service layers for
implementing many security features of the invention, as will be more fully described below.

The secondary link, such as a USB link, is available for implementing the security features
because unlike the high-speed links of bus cables 14.1-14.4 and hubs 13.1 and 13.2, the
secondary links do not have DMA engine access. No danger exists that a rogue device can
access memory through the secondary links. Access to memory through the secondary links
is controlled entirely, for example, by computer 10, for example by operating system 41 and
processor 46, and thus the secondary links are inherently trusted by computer 10. No device
can access host memory 42 through the secondary links without processor 46 and operating
system 41 knowing about it. A peripheral using an active high-speed link of the bus system
of the invention may directly access host memory 42, however, using DMA engine 44,
without knowledge by processor 46 or operating system 41. It should be understood by a
person of ordinary skill that operation of processor 46 and operating system 41 are mutually
dependent and reference to one necessarily incorporates reference to the other.

The secondary links of bus cables 14.1-14.4 and hubs 13.1 and 13.2 are split off from
the high-speed links inside of computer 10. For example, a secondary lead 49 provides a
secondary bus path to secondary bus controller 50. In an embodiment of the invention,
secondary bus controller 50 is a USB bus controller known to those having skill in the art.
Secondary bus controller 50 is coupled to memory controller 48 through an input/output (I/O)
bus 52, such as a peripheral control interface (PCI) bus inside computer 10.

Fig. 3 is a more detailed view of high-speed links 21 and 22 and secondary link 28 of 
bus cable 14.2. High-speed links 21 and 22 are twisted pairs having internal shielding 31. 
Links 21 and 22 are unidirectional, but combine to provide full-duplex communications.
Secondary link 28 is a bi-directional, twisted pair path. All of links 21, 22, and 28 are 
shielded by shield 39. Voltage supply 32 and ground wires 33 also are associated with the 
secondary component 34 of bus cable 14.2. 

The invention uses the secondary links in one or more of the high-speed bus cables
14.1-14.4 to provide the security features of the invention. For example, one method of
providing security is to prevent use of a high-speed link, such as links 21 and 22 of bus cable
14.2, for example by disabling (or not enabling) transceivers 23 and 24 until the identity of
a peripheral component, such as printer 16, is verified through the secondary links.
Preferably, this is done at system initialization (step 61 of Fig. 4). For example, processor 46
and software in computer node 10, for example operating system 41, can attempt to identify
the peripheral, such as peripheral 16, for example by checking through the secondary links for
expected switch settings in switch 43 (step 62). A signal delivered to peripheral 16 from
computer node 10 will be altered in a definable manner according to the switch settings,
returned over the secondary links (step 63) and interpreted by processor 46 and operating
system 41 in computer node 10 as a valid or invalid verification of the identity of peripheral
16 (step 63). In an alternative embodiment, an active component in a peripheral, such as
peripheral 16, could transmit an expected message back to computer node 10 through the
secondary links in response to a query or challenge received through the secondary links (step
64). Various authentication protocols, which are known to those having skill in the art, may
be used by host 10 and a peripheral, such as peripheral 16, in the challenge and response
transmissions. In any event, if the peripheral, such as peripheral 16, is affirmatively identified
(step 64), operating system 41 in computer node 10 permits use of high-speed links 21 and 22
(step 65), such as by enabling high-speed transceivers 23 and 24 and use of other high-speed
links in the physical data transmission path to peripheral 16. Use of the high-speed links is
denied if the peripheral is not identified (step 66).

In another embodiment that uses the secondary links of bus cables 14.1-14.4, a
writable storage medium, such as storage medium 45, can be installed in a peripheral intended
for use with the bus system of the invention. The storage medium can be pre-encoded with
a unique signature. In another embodiment, upon initial installation of the peripheral,
software, such as operating system 41 resident in memory 42 on host computer 10, writes into
storage medium 45 through secondary links the unique identifying code, which will be
"remembered" by operating system 41 as the peripheral's dedicated signature. During
subsequent system initializations (step 61), the operating system 41 in computer node 10
queries the peripheral through the secondary links (step 62), such as secondary link 28, for the
dedicated signature stored in the storage medium 45 (step 63) before permitting use of the
high-speed links (step 65), such as before enabling transceivers 23 and 24, for high-speed data
transmission over the high-speed links of a bus cable, such as high speed links 21 and 22. Use
of the high-speed links is denied to peripherals which fail to exhibit proper signature to
operating system 41 over the secondary links (step 66). Storage medium 45 can be, for
example, a flash ROM into which the dedicated signature is stored by operating system 41 in
computer node 10. In an embodiment, the high-speed links are enabled automatically, such
as by operating system 41, upon recognition of the peripheral.

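
The identity check of Fig. 4 and the stored-signature embodiment above, combined as an added Python example that is not part of the original disclosure: the host writes a signature over the secondary link at installation and keeps the high-speed transceivers disabled until a later challenge is answered correctly. The HMAC-SHA256 challenge-response, the per-port bookkeeping and all class and port names are assumptions standing in for the unspecified authentication protocol.

```python
import hashlib
import hmac
import secrets


class Peripheral:
    """Peripheral side: answers queries on the secondary link only."""

    def __init__(self, name):
        self.name = name
        self.flash = None  # storage medium 45; written at first installation

    def store_signature(self, signature):
        self.flash = signature

    def respond(self, challenge):
        # Assumed protocol: HMAC-SHA256 of the host's challenge under the
        # stored signature, so the signature itself never crosses the cable.
        if self.flash is None:
            return b""
        return hmac.new(self.flash, challenge, hashlib.sha256).digest()


class Host:
    """Host side: operating system 41 deciding whether to enable links 21/22."""

    def __init__(self):
        self.known = {}          # port -> signature "remembered" by the OS
        self.high_speed_on = {}  # port -> state of the high-speed transceivers

    def enroll(self, port, peripheral):
        # Initial installation: write a fresh signature over the secondary link.
        signature = secrets.token_bytes(32)
        peripheral.store_signature(signature)
        self.known[port] = signature
        self.high_speed_on[port] = False

    def initialize(self, port, peripheral):
        # Steps 61-66: transceivers stay disabled until identity is verified.
        self.high_speed_on[port] = False
        signature = self.known.get(port)
        if signature is None:
            return False                             # step 66: never enrolled
        challenge = secrets.token_bytes(16)          # step 62: query
        answer = peripheral.respond(challenge)       # step 63: response
        expected = hmac.new(signature, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(answer, expected):    # step 64: identified?
            self.high_speed_on[port] = True          # step 65: enable links
        return self.high_speed_on[port]


def demo():
    host = Host()
    printer = Peripheral("printer 16")
    host.enroll("hub13.2/port1", printer)            # constructed port name
    ok = host.initialize("hub13.2/port1", printer)

    # A different device on the same port does not hold the enrolled signature.
    other = Peripheral("unknown device")
    other.store_signature(b"\x00" * 32)
    swapped = host.initialize("hub13.2/port1", other)

    # An answer recorded for an old challenge fails against a fresh one.
    old_answer = printer.respond(b"A" * 16)

    class Replayer(Peripheral):
        def respond(self, challenge):
            return old_answer

    replayed = host.initialize("hub13.2/port1", Replayer("replayer"))
    return ok, swapped, replayed
```
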
Another feature of the invention provides a user of computer 10 with an opportunity
to manually approve a change in system configuration. For example, a configuration of
system 12 can be checked by operating system 41, for example at system initialization (step
71 of Fig. 5), through the secondary links of bus cables 14.1-14.4 and hubs 13.1-13.2, for
example by investigating the presence and content of various known registers in peripherals
as known by persons having ordinary skill in the art (step 72). In an embodiment of the
invention, if a peripheral is found to have been added or removed through responses to the
queries received over the secondary bus links (steps 73 and 74), operating system 41 generates
a dialog box on a monitor attached to computer 10 (not shown in Fig. 1) to notify the user (step
75). Preferably, the user is requested to input instructions in response to the information
gathered over the secondary links (step 76). For example, in the event a rogue device has
been attached, the user can instruct the system to refrain from activation, such as by not
enabling, or disabling, the high-speed transceivers of the high-speed data links of one or more
of bus cables 14.1-14.4 and hubs 13.1-13.2 (step 77). A user also can cause acceptance of
the peripheral (step 79), such as by entering the appropriate information including, preferably,
a password when confronted with the dialog box generated by operating system 41 (step 78).

Even after a system has been initialized and is running, the invention continues to
provide security from unwanted intrusions and attempts to access memory 42. For example,
operating system 41, through the secondary links of bus cables 14.1-14.4 and hubs 13.1 and
13.2, continues to monitor the system as it is running for an occurrence of any real-time plug
and unplug events, i.e., connections or disconnections of a peripheral while the system is
running (step 81 of Fig. 6). In an embodiment, any connections or disconnections of a
peripheral into hubs 13.1 or 13.2, or along any of bus cables 14.1-14.4, are detected by
operating system 41 through the secondary links of the bus system (step 82). A user of
computer node 10 preferably is notified of the hot plug or unplug, such as through a dialog
box as discussed above, and can investigate the occurrence to learn of its nature (step 83). In
a preferred embodiment, the dialog box specifies, for example, the location and identity of the
hot plug or unplug. An interested user at host computer 10 can investigate the notification to
determine whether unauthorized access has occurred or been attempted (step 84). In an
embodiment, the user can enter a password allowing a hot-plugged peripheral to join the
system (step 85), such as by enabling the relevant high-speed transceivers in any of bus cables
14.1-14.4 and hubs 13.1-13.2 (step 86). Of course, use of the high-speed links for
unauthorized access will be prevented (step 87), either affirmatively or by a simple failure to
enter authorization, such as a password, when prompted.
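
The configuration check of Fig. 5 and the hot-plug monitoring of Fig. 6, as an added Python example that is not part of the original disclosure: a default-deny gate that compares the approved configuration with what a secondary-link scan reports and enables a high-speed link only after password approval. It goes slightly beyond the text by also treating a changed identity on a known port as unapproved; the scan data, port names, PBKDF2 password storage and function names are assumptions.

```python
import hashlib
import hmac
import os


def config_changes(accepted, observed):
    """Steps 72-74: diff the approved configuration against the identities
    reported over the secondary links. Both map port -> identity string."""
    added = {p: i for p, i in observed.items() if p not in accepted}
    removed = {p: i for p, i in accepted.items() if p not in observed}
    replaced = {p: observed[p] for p in accepted
                if p in observed and observed[p] != accepted[p]}
    return added, removed, replaced


class LinkGate:
    """Default-deny gate on the high-speed transceivers, tracked per port."""

    def __init__(self, password, accepted):
        self._salt = os.urandom(16)
        self._digest = self._kdf(password)
        self.accepted = dict(accepted)  # configuration the user has approved
        self.pending = {}               # port -> identity awaiting approval

    def _kdf(self, password):
        # Assumption: the approval password is kept only as a PBKDF2 digest.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def high_speed_enabled(self, port):
        return port in self.accepted and port not in self.pending

    def scan(self, observed):
        """Steps 72-75 and 81-83: update state, return notices for the user."""
        added, removed, replaced = config_changes(self.accepted, observed)
        notices = []
        for port, ident in removed.items():
            del self.accepted[port]
            notices.append(("unplug", port, ident))
        unapproved = {**added, **replaced}
        for port, ident in unapproved.items():
            if self.pending.get(port) != ident:  # notify once per new device
                notices.append(("plug", port, ident))
        self.pending = unapproved                # these links stay disabled
        return notices

    def approve(self, port, password):
        """Steps 76-79 and 85-87: enable only on authenticated approval."""
        if port not in self.pending:
            return False
        if not hmac.compare_digest(self._kdf(password), self._digest):
            return False                         # step 87: access prevented
        self.accepted[port] = self.pending.pop(port)
        return True


def demo():
    gate = LinkGate("correct horse", {"13.2/1": "printer 16", "13.2/2": "scanner 17"})
    # Constructed scan result: scanner unplugged, unknown device on a new port.
    notices = gate.scan({"13.2/1": "printer 16", "13.2/3": "unknown device"})
    denied = gate.approve("13.2/3", "wrong password")
    before = gate.high_speed_enabled("13.2/3")
    granted = gate.approve("13.2/3", "correct horse")
    after = gate.high_speed_enabled("13.2/3")
    return notices, denied, before, granted, after
```
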

The invention therefore provides a variety of non-exclusive, low-cost and easily
implemented security measures which protect a computer system from an unwanted intrusion.
These security measures are especially important considering the direct memory accessing
capabilities which can be provided using the high speed links of bus cables 14.1-14.4 and hubs
13.1 and 13.2 through DMA engine 44, which could be used for unauthorized accessing of
main memory 42.

As described above, processor 46 and operating system 41 substantially control security
system functionality, such as by generating and transmitting peripheral device queries,
receiving responses thereto and generating graphical user interfaces, such as dialog boxes,
pertaining to security issues. It should be understood to a person having ordinary skill that the
activities of processor 46 and operating system 41 with respect to implementation of the
security features of the invention can be handled by dedicated hardware and software, for
example an expanded host controller 11 and special software in a dedicated memory or in
memory 42.

The invention is described above with reference to a limited number of bus cables and 
hubs. It should be understood that the use of additional hubs and cables coupling additional 
peripherals to host 10 is within the scope of the invention. 

The present invention can be embodied in the form of computer-implemented processes
and apparatuses for practicing those processes. The present invention also can be embodied
in the form of computer program code embodied in tangible media, such as floppy diskettes,
CD-ROMs, hard drives, or any other computer-readable storage medium, wherein, when the
computer program code is loaded into and executed by a computer, the computer becomes an
apparatus for practicing the invention. The present invention can also be embodied in the form
of computer program code, for example, whether stored in a storage medium, loaded into
and/or executed by a computer, or transmitted over some transmission medium, such as over
electrical wiring or cabling, through fiber optics, or via electromagnetic radiation, wherein,
when the computer program code is loaded into and executed by a computer, the computer
becomes an apparatus for practicing the invention.

When implemented on a general-purpose microprocessor, the computer program code 
segments configure the microprocessor to create specific logic circuits. 






It should be understood that various changes in the details, materials, and arrangements 
of the parts which have been described and illustrated in order to explain the nature of this 
invention may be made by those skilled in the art without departing from the principle and
scope of the invention as expressed in the following claims. 



CLAIMS

What we claim is:- 



1. A method for providing security from an unwanted intrusion into a system, comprising
the steps of:

(a) coupling a host with a peripheral using a high-speed serial bus having a high-speed
physical layer; and

(b) using features of the bus to implement the security.

2. The method of claim 1, wherein step (b) comprises the step of using a secondary bus
within the high-speed serial bus to implement the security.

3. The method of claim 2, wherein the high-speed physical layer and not the secondary
bus has direct memory accessing capability.

4. The method of claim 2, wherein step (b) comprises the step of using the secondary bus
to query an identity of the peripheral.

5. The method of claim 4, further comprising the step of:

(c) generating an indicator concerning the identity of the peripheral. 

6. The method of claim 5, further comprising the steps of: 

(d) accepting verification from a user of the identity of the peripheral; and 

(e) permitting use of the high-speed physical layer coupling to the peripheral. 

7. The method of claim 4, further comprising the step of: 

(c) preventing use of the high-speed physical layer if the peripheral is unidentified.

8. The method of claim 4, further comprising the step of providing the identity to the
peripheral through the secondary bus.

9. The method of claim 2, wherein step (b) comprises the step of using the secondary bus
to detect the occurrence of a real-time connection or disconnection of a peripheral to the
high-speed serial bus.

10. The method of claim 9, further comprising the step of:

(c) generating an indicator when the real-time connection or disconnection of a 
peripheral is detected. 

11. The method of claim 10, wherein a peripheral has been connected, further comprising
the steps of: 

(d) accepting verification from a user of the connection of the peripheral; and 

(e) permitting use of the high-speed physical layer coupling to the peripheral. 

12. An apparatus for providing security from an unwanted intrusion into a system, 
comprising: 

(a) means for coupling a host with a peripheral using a high-speed serial bus having 
a high-speed physical layer; and 

(b) means for using features of the bus to implement the security. 

13. The apparatus of claim 12, wherein means (b) uses a secondary bus within the
high-speed serial bus to implement the security.

14. The apparatus of claim 13, wherein the high-speed physical layer and not the secondary 
bus has direct memory accessing capability. 

15. The apparatus of claim 13, wherein means (b) uses the secondary bus to query an 
identity of the peripheral. 

16. The apparatus of claim 15, further comprising: 

(c) means for generating an indicator concerning the identity of the peripheral.

17. The apparatus of claim 16, further comprising:

(d) means for accepting verification from a user of the identity of the peripheral; and

(e) means for permitting use of the high-speed physical layer coupling to the
peripheral.



18. The apparatus of claim 15, further comprising:

(c) means for preventing use of the high-speed physical layer if the peripheral is 
unidentified. 



19. The apparatus of claim 15, wherein means (b) provides the identity to the peripheral
through the secondary bus. 



20. The apparatus of claim 13, wherein means (b) uses the secondary bus to detect the
occurrence of a real-time connection or disconnection of a peripheral to the high-speed serial
bus.



21. The apparatus of claim 20, further comprising:

(c) means for generating an indicator when the real-time connection or
disconnection of a peripheral is detected.



22. The apparatus of claim 21, wherein a peripheral has been connected, further
comprising: 

(d) means for accepting verification from the user of the connection of the 
peripheral; and 

(e) means for permitting use of the high-speed physical layer coupling to the 
peripheral. 



23. An apparatus for providing security against unwanted access to a system having a host
and a peripheral, comprising: 

(a) a high-speed serial bus having a high-speed physical layer and a secondary bus
for coupling the host to the peripheral; and

(b) means for controlling the apparatus.

24. The apparatus of claim 23, wherein the means for controlling is a microprocessor on
the host. 

25. The apparatus of claim 23, wherein the secondary bus is used to implement the 
security. 

26. The apparatus of claim 25, wherein the high-speed physical layer but not the secondary 
bus can directly access memory on the host.

27. The apparatus of claim 25, wherein the means for controlling uses the secondary bus
to query an identity of the peripheral. 

28. The apparatus of claim 27, wherein the means for controlling generates an indicator
concerning an identity of the peripheral. 

29. The apparatus of claim 28, wherein the means for controlling:
accepts verification from a user of the identity of the peripheral; and 
permits use of the high-speed physical layer coupling to the peripheral. 

30. The apparatus of claim 27, wherein the means for controlling prevents use of the
high-speed physical layer if the peripheral is unidentified.

31. The apparatus of claim 25, wherein the means for controlling uses the secondary bus
to detect the occurrence of a real-time connection or disconnection of a peripheral to the
high-speed serial bus.

32. The apparatus of claim 31, wherein the means for controlling generates an indicator 
when the connection or disconnection of a peripheral is detected. 

33. The apparatus of claim 32, wherein when a peripheral has been connected:

the means for controlling accepts verification from the user of the connection of the
peripheral; and

the means for controlling permits use of the high-speed physical layer coupling to the
peripheral.

34. A storage medium encoded with machine-readable computer program code for
providing security from an unwanted intrusion into a system having a host computer coupled
to a peripheral by a high-speed serial bus having a high-speed physical layer and a secondary
bus, comprising:

(a) means for causing the host computer to supervise provision of the security; and 

(b) means for causing the host computer to use features of the bus to implement the 
security. 

35. The storage medium of claim 34, wherein means (b) comprises means for causing the
host computer to use the secondary bus to implement the security. 

36. The storage medium of claim 35, wherein the high-speed physical layer and not the
secondary bus has direct memory accessing capability. 

37. The storage medium of claim 35, wherein means (b) comprises means for causing the 
host computer to use the secondary bus to query an identity of the peripheral. 

38. The storage medium of claim 37, further comprising: 

(c) means for causing the host computer to generate an indicator concerning the 
identity of the peripheral. 

39. The storage medium of claim 38, further comprising:

(d) means for causing the host computer to accept verification from a user of the 
identity of the peripheral; and 

(e) means for causing the host computer to permit use of the high-speed physical
layer coupling to the peripheral.

40. The storage medium of claim 37, further comprising means for causing the host
computer to prevent use of the high-speed physical layer if the peripheral is unidentified.

41. The storage medium of claim 37, further comprising means for causing the host
computer to provide the identity to the peripheral through the secondary bus.

42. The storage medium of claim 35, wherein means (b) comprises means for causing the 
host computer to use the secondary bus to detect the occurrence of a real-time connection or 
disconnection of a peripheral to the high-speed serial bus. 

43. The storage medium of claim 42, further comprising means for causing the host
computer to generate an indicator when the real-time connection or disconnection of a
peripheral is detected.

44. The storage medium of claim 43, wherein a peripheral has been connected, further
comprising means for causing the host computer to: 

accept verification from the user of the connection of the peripheral; and 
permit use of the high-speed physical layer coupling to the peripheral. 

45. The storage medium of claim 34, wherein the computer program code is an operating
system.